Skip to content

Tunnel

Source: src/Cloudflare/Tunnel/Tunnel.ts

A Cloudflare Tunnel that establishes a secure connection from your origin to Cloudflare’s edge.

Creating a Tunnel

Section titled “Creating a Tunnel”

Basic tunnel

const tunnel = yield* Cloudflare.Tunnel("MyTunnel");
// Run the connector with: cloudflared tunnel run --token <Redacted.value(tunnel.token)>

Tunnel with ingress rules

const tunnel = yield* Cloudflare.Tunnel("Web", {
  ingress: [
    { hostname: "app.example.com", service: "http://localhost:3000" },
    { service: "http_status:404" },
  ],
});

Managing Tunnels at Runtime

Section titled “Managing Tunnels at Runtime”

The Tunnel resource manages a single, statically-declared tunnel as part of a stack. To create, read, update, or delete tunnels on the fly from inside a deployed Worker, bind one of the runtime tunnel clients instead. Each provisions a least-privilege {@link AccountApiToken} and injects it into the Worker:

  • {@link TunnelRead} — read-only (get, list, getToken, getConfiguration); scoped to Cloudflare Tunnel Read.
  • {@link TunnelWrite} — mutating (create, update, delete, putConfiguration); scoped to Cloudflare Tunnel Write.
  • {@link TunnelReadWrite} — the full CRUD surface; scoped to both.
// init
const tunnels = yield* Cloudflare.TunnelReadWrite.bind();


return {
  fetch: Effect.gen(function* () {
    const tunnel = yield* tunnels.create({ name: "on-demand-tunnel" });
    const token = yield* tunnels.getToken(tunnel.id!);
    return HttpServerResponse.json({ id: tunnel.id, token });
  }),
};